#!/bin/bash
#
# letsencrypt-update-csr domain account [additionalname ...]
#
# Create the necessary files for using the letsencrypt-iztaci tools:
#
# - account key (account.key)
# - domain private key (*.key)
# - certificate signing request (*.csr)
#
# Copyright 2019 Felipe Sanchez
#
# This program can be distributed under the terms of the
# GNU General Public License, version 2.
#

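RECHA="20250116"
VERSION="1.2.2"

# -e: stop on the first failing command; pipefail: a failing stage inside a
# pipeline counts as a failure too (without it only the last stage's status
# is seen).
set -eo pipefail

# Layout expected by the letsencrypt-iztaci tools.  account-keys/, keys/ and
# csr/ must already exist; only the per-domain challenge directory is created
# by this script.
readonly LE_ROOT="/etc/letsencrypt"
# Base OpenSSL configuration the [SAN] section is appended to.  This is the
# Debian location; adjust if the distribution keeps openssl.cnf elsewhere.
readonly OPENSSL_CNF="/etc/ssl/openssl.cnf"

# die MESSAGE... -- print MESSAGE on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

usage() {
  echo "Usage: $(basename "$0") domain account [additionalname ...]"
  exit 1
}

# check_hostname NAME -- abort unless NAME is a plain DNS host name, optionally
# with a leading "*." wildcard label.  NAME is spliced into file paths under
# $LE_ROOT and, through subjectAltName, into an OpenSSL config fragment, so a
# value containing '/', ',', '=', whitespace or a newline must never get that
# far (it could escape the keys/ directory or inject config directives).
check_hostname() {
  local name=$1
  local label='[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?'
  local re='^(\*\.)?('"$label"'\.)*'"$label"'$'
  [[ "$name" =~ $re ]] || die "Invalid host name: '$name'"
}

# check_account NAME -- NAME only names a file in account-keys/, so restrict it
# to a safe character set: no '/', no leading '.' (and therefore no '..').
check_account() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._@-]*$ ]] || die "Invalid account name: '$1'"
}

# new_rsa_key PATH -- write a fresh 4096-bit RSA private key to PATH, mode 0400.
# The key is generated into a mktemp file next to PATH and only moved into
# place when openssl succeeds.  Redirecting openssl straight to PATH would
# leave an empty file behind on failure, and the existence checks below would
# then treat that empty file as a valid key on the next run.
new_rsa_key() {
  local target=$1 tmp
  tmp=$(mktemp -- "${target}.XXXXXX") \
    || die "Cannot create a temporary file next to $target"
  if ! openssl genrsa 4096 > "$tmp"; then
    rm -f -- "$tmp"
    die "openssl genrsa failed; $target was not written"
  fi
  # mktemp creates the file 0600; the key must be readable by root only and
  # not accidentally overwritten, hence 0400 (the mode the old umask gave).
  chmod 0400 -- "$tmp"
  mv -f -- "$tmp" "$target"
}

# show_csr_names CSR -- print the DNS names found in an existing CSR as a
# single "DNS:a / DNS:b ..." line.  grep exits non-zero when the CSR has no
# SAN entries; that is not an error here, so it is tolerated explicitly.
show_csr_names() {
  openssl req -in "$1" -noout -text \
    | grep DNS | tr -d '[:blank:]' | sed 's/,DNS/ \/ DNS/g' \
    || echo "   (no DNS names found)"
}

# main DOMAIN ACCOUNT [ADDITIONALNAME...]
# Ensures the account key and the domain key exist (creating them if not),
# then (re)writes the CSR for DOMAIN plus any additional names and creates the
# per-domain challenge directory.
main() {
  [[ $# -ge 2 ]] || usage
  local domain=$1 account=$2
  shift 2

  command -v openssl > /dev/null || die "openssl not found in PATH"
  [[ -r "$OPENSSL_CNF" ]] || die "Cannot read $OPENSSL_CNF"

  # Every name ends up in a path and in the SAN config; validate them all up
  # front so nothing is created for a bad invocation.
  local n
  for n in "$domain" "$@"; do
    check_hostname "$n"
  done
  check_account "$account"

  local account_key="${LE_ROOT}/account-keys/${account}-account.key"
  local key="${LE_ROOT}/keys/${domain}.key"
  local csr="${LE_ROOT}/csr/${domain}.csr"
  local challdir="${LE_ROOT}/challenges/${domain}"

  if [[ -f "$account_key" ]]; then
    # An existing but empty file is what an interrupted earlier run of the old
    # script left behind; refuse to use it rather than silently fail later.
    [[ -s "$account_key" ]] \
      || die "Account key $account_key exists but is empty; remove it and retry"
  else
    echo
    echo "--> Creating ACCOUNT key: $account_key"
    echo
    new_rsa_key "$account_key"
  fi

  if [[ -f "$key" ]]; then
    [[ -s "$key" ]] \
      || die "Domain key $key exists but is empty; remove it and retry"
    echo
    echo "WARNING: A key for this domain name exists already: $key"
    echo "WARNING: We will only update the CSR."
    echo
  else
    echo
    echo "--> Creating private key for the domain: $key"
    echo
    new_rsa_key "$key"
  fi

  if [[ -f "$csr" ]]; then
    echo
    echo "WARNING: A CSR for this name exists already: $csr"
    echo "WARNING: The names contained in this CSR are:"
    echo
    show_csr_names "$csr"
    echo
    echo "Press ENTER to overwrite the CSR or hit Ctrl-C to abort."
    read -r _
  fi

  # Build the subjectAltName list: the main domain first, then the extras in
  # the order given.  No de-duplication is done (same as before).
  local altnames="DNS:${domain}"
  for n in "$@"; do
    altnames+=",DNS:${n}"
  done

  rm -vf -- "$csr"
  echo
  echo "Creating CSR for: $altnames"
  # The SAN section is appended to the stock config via process substitution;
  # $altnames is passed as a printf argument, never as the format string.
  # On failure the half-written CSR is removed so a later run does not see a
  # bogus file.
  if ! openssl req -new -sha256 -key "$key" \
        -subj "/" \
        -reqexts SAN \
        -config <(cat "$OPENSSL_CNF" <(printf '[SAN]\nsubjectAltName=%s\n' "$altnames")) \
        > "$csr"; then
    rm -f -- "$csr"
    die "openssl req failed; no CSR written"
  fi

  mkdir -vp -- "$challdir"

  echo "Done"
}

main "$@"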
